Exchange Hybrid Deployment with Office 365 - Part I - It's all about Messaging!!!
This post is part I of my series "Exchange Hybrid Deployment with Office 365", which covers an overview of Exchange Hybrid Deployment, its advantages and considerations, what happens behind the scenes when deploying Hybrid and, last but not least, the steps to deploy Exchange Hybrid.
A) What is Exchange Hybrid Deployment:
A hybrid deployment allows an on-premises organization and a cloud organization to work together like a single, seamless organization. In other words, a hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange Server 2013 organization and Exchange Online in Microsoft Office 365.
B) Benefits of Exchange Hybrid:
- Exchange Online users and on-premises users can share free/busy calendar data, and vice versa.
- Hybrid allows secure mail routing between the on-premises and Exchange Online organizations.
- Administrators can use powerful and familiar Exchange management tools to move users to Exchange Online.
- OWA redirection allows redirection from the on-premises environment to the Office 365 Outlook Web App environment.
- MailTips, out-of-office messages, and similar features understand that Office 365 and on-premises users are part of the same organization.
- Delivery reports and multi-mailbox search work with users who are on-premises and those working in Exchange Online.
- Authentication headers are preserved during cross-premises mail flow, so all mail looks and feels like it is internal to the company (for example, recipient names resolve in the GAL).
- With the help of Directory Synchronization you get a unified GAL.
- If necessary, administrators can easily move mailboxes back to the on-premises Exchange environment.
- Cloud-based message archiving for on-premises Exchange mailboxes.
- Administrators do not have to manually reconfigure Outlook profiles or resynchronize .OST files after they move users' mailboxes.
- A hybrid deployment can serve as a migration path between on-premises Exchange Server and Office 365.
- A hybrid deployment can serve as a permanent state for your on-premises Exchange and Office 365 organizations.
Compared to other native Office 365 migration methods, a Hybrid Exchange deployment quite simply provides the best end user experience. Although the trade-off for IT is a more complex infrastructure than a Staged or Cutover migration requires, the pay-off is well worth it, if you ask me.
IMPORTANT! For example, if a customer builds a hybrid with Exchange 2007, they will need a role on Exchange 2013. The customer has already taken out an Exchange Online subscription. In that case, when the customer decides to build a hybrid organization but has no Exchange Server 2013 license, Microsoft provides one Exchange Server CAS/HUB license free of charge.
For companies with thousands of users, a full migration over a weekend is impossible. A staged migration and a hybrid deployment both allow the migration to proceed at the pace that suits the organization best. At first glance the two environments coexist in both options, so why not settle on the staged migration? However, the functional differences are substantial. When configuring a staged migration we are, in essence, forming a shared SMTP namespace: mail flows both in the cloud and on-premises, with routing, a shared address book and so on. But something is still missing…
First of all, the capabilities of a shared Exchange organization that we have all grown used to. Second: hybrid makes it possible to move mailboxes simply and quickly. Third: hybrid gives excellent options for configuring mail flow.
So, let's sum up.
Once added, you will see your on-premises and online environments in the Exchange Management Console (EMC).
As mentioned earlier, the steps I used for this come from here:
Launching the new Hybrid Configuration Wizard, click Next.
DSQuery, a command-line tool that has been around for some time, can provide Exchange Online users the ability to manage on-premises DLs. However, most users won't find it easy to manage DLs with this tool. Here are a couple of commands that illustrate this point:
dsquery group -name "Sales - East" | dsget group -members -expand
dsquery * forestroot -filter "(&(samAccountType=268435457)(mail=*))" -limit 0
The first command shows the members of a DL named Sales - East. The second command shows all the mail-enabled DLs in an AD forest. Most Exchange Online users are going to be very unhappy if you tell them they need to run commands like this to manage their DLs.
This solution architecture has been around for a while. To recap at a high level:
- DirSync – This is needed to support the unified GAL across both environments. The organization's AD will be synchronized to the cloud.
- ADFS – Used to authenticate users in the cloud using their on-premise credentials and domain. Single Sign On is not required, but it is highly recommended when implementing Exchange Hybrid.
- Microsoft Federation Gateway – The trust broker between the two environments.
- CAS / Edge Server Connection – On-premise, an Exchange CAS or Edge Transport server can be connected to the cloud instance. Here is more information about the transport server you would configure to run with the cloud - .
- Mailbox / CAS Server - There are prerequisites you must consider when setting up this hybrid. An important one is ensuring that both the CAS and Mailbox servers running in hybrid are at the right version level. For instance, it is possible to have an Exchange 2007 or later organization on-premise, but it will require a Mailbox/CAS server at the correct level to also be added to the on-premise farm. Please review the prerequisites for details - .
As a consultant/architect with a deep focus on Office 365, I configure a lot of Exchange hybrid deployments, primarily for what can be considered large customers. A lot of the customers have Exchange 2003 or Exchange 2007 on-premise and wish to move to Exchange Online. Because of their size as well as their requirements, these customers always choose the hybrid deployment based migration approach so that the migration is as transparent as possible for the end users. However, I also see customers that simply want to keep some user mailboxes on-premise while moving others to Exchange Online. In addition, they would like to have the ability to off-board a mailbox.
So when it comes to hybrid configuration scenarios I rarely need to deal with an on-premise Exchange infrastructure where there are Edge Transport servers deployed in the perimeter network. Let’s face it, not many customers use this Exchange server role.
As you probably know, the hybrid deployment itself isn't exactly rocket science, well, depending on the infrastructure you deal with, that is. We can have some tough challenges with the load balancing aspects, multiple forests, multiple UPN suffixes etc., but the Exchange side of things has been made relatively simple now that we have the Hybrid Configuration Wizard (HCW).
Recently, I had a large customer that ran Exchange 2007 and had the Edge Transport role deployed in the perimeter network. And this introduces additional steps you need to account for when dealing with an Exchange hybrid deployment.
Most customers running Exchange 2007 that also have Edge Transport servers in the perimeter network usually use Exchange 2007 based Edge Transport servers. When this is the case, you not only need to deploy Exchange 2010 SP2 hybrid based servers with the Hub Transport and Client Access server roles (and the mailbox server role if the on-premise environment is Exchange 2003), but in order for mail flow to work properly, you must also use Exchange 2010 SP2 based Edge Transport servers.
If you're in the process of upgrading to Exchange 2010, or have only installed the Exchange 2010 Hybrid server role into your existing environment, you will also need to give your Email Address Policies (or Recipient Policies in Exchange 2003 terminology) some consideration. During the Hybrid Configuration Wizard, your Default Email Address Policy will be upgraded and then one of your Office 365 tenant domains will be added to the policy, before applying it to your Exchange organization.
Therefore it's important to make sure that the Email Address Policies are in good order before you begin, and you should be confident that when the Hybrid Configuration Wizard applies the Default Email Address Policy it will complete successfully.
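A pre-check for the policy state described above, as an added example that is not from the original post. It assumes the Exchange 2010 Management Shell on a hybrid server; the cmdlets and properties are standard Exchange ones, and the `-WhatIf` switches keep it read-only.

```powershell
# Added example (not from the original post): review Email Address Policies before the
# Hybrid Configuration Wizard upgrades the Default Policy and adds a tenant domain to it.
# Assumption: run from the Exchange 2010 Management Shell on a hybrid server.
$policies = Get-EmailAddressPolicy

$report = foreach ($p in $policies) {
    [pscustomobject]@{
        Name            = $p.Name
        Priority        = "$($p.Priority)"                 # the Default Policy shows 'Lowest'
        FilterType      = $p.RecipientFilterType           # Legacy / Precanned / Custom
        IsLegacy        = ($p.RecipientFilterType -eq 'Legacy')
        ExchangeVersion = $p.ExchangeVersion
        PrimaryTemplate = $p.EnabledPrimarySMTPAddressTemplate
        TemplateCount   = @($p.EnabledEmailAddressTemplates).Count
    }
}
$report | Format-Table -AutoSize

# Policies still on a legacy (pre-OPATH) recipient filter, typically old Exchange 2003
# recipient policies, are what the wizard would upgrade implicitly. Flag them so the
# upgrade is reviewed and done deliberately instead.
$legacy = $report | Where-Object { $_.IsLegacy }
foreach ($l in $legacy) {
    Write-Warning "Policy '$($l.Name)' uses a legacy recipient filter; upgrade it before running the HCW."
}

# Deliberate upgrade of a legacy policy to an OPATH filter. AllRecipients is only right
# when the legacy filter really covered every recipient (the usual case for the Default
# Policy); otherwise supply an equivalent -RecipientFilter. Remove -WhatIf to apply.
foreach ($l in $legacy) {
    Set-EmailAddressPolicy -Identity $l.Name -IncludedRecipients AllRecipients -WhatIf
}

# The Default Policy is the one the HCW modifies: confirm it has a primary SMTP template
# and rehearse re-applying it so any stamping problems surface before the wizard runs.
$default = $report | Where-Object { $_.Priority -eq 'Lowest' }
if (-not $default.PrimaryTemplate) {
    Write-Warning "The Default Policy has no primary SMTP address template."
}
Update-EmailAddressPolicy -Identity $default.Name -WhatIf
```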
Outbound HTTP connection and proxy checks
Next, we need to consider any network infrastructure that might prevent our Exchange 2010 Hybrid servers from communicating with Office 365 via HTTPS. The number one issue I usually see is proxy server related, so it's worth ensuring that you've tackled this up-front before you run into issues.
If at all possible, I'd recommend allowing the Exchange Servers to communicate with Office 365 directly via HTTPS and avoid proxy servers for this communication altogether, however if that's not possible, ensure you do the following:
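A connectivity check for the proxy issue described above, as an added example that is not from the original post. It assumes an Exchange 2010 SP1 or later hybrid server (for the `InternetWebProxy` property) and uses Office 365 host names that are assumptions for illustration.

```powershell
# Added example (not from the original post): from an Exchange hybrid server, show which
# proxy the server would use for outbound HTTPS and test a direct, validated TLS handshake
# to Office 365 the way Exchange's own web calls would. Endpoint names are assumptions.
$endpoints = @('outlook.office365.com', 'autodiscover-s.outlook.com', 'login.microsoftonline.com')

# Proxy configured for Exchange's own outbound web calls (Set-ExchangeServer -InternetWebProxy);
# an empty value means Exchange connects directly, which is the recommended setup.
$server = Get-ExchangeServer -Identity $env:COMPUTERNAME
"Exchange InternetWebProxy : $($server.InternetWebProxy)"
# WinHTTP proxy used by services running as SYSTEM or Network Service.
netsh winhttp show proxy

# TCP 443 reachability plus a validated TLS handshake per endpoint. A failure here, or a
# certificate whose issuer is an internal CA, points at a filtering or inspecting proxy
# in the path, which is exactly what breaks hybrid traffic.
foreach ($name in $endpoints) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($name, 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($name)        # throws if the chain does not validate
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        "{0,-28} OK    issuer: {1}" -f $name, $remote.Issuer
        $ssl.Dispose()
    } catch {
        "{0,-28} FAIL  {1}" -f $name, $_.Exception.Message
    } finally {
        $tcp.Close()
    }
}
```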
Certificates: Install and assign Exchange services to a valid digital certificate purchased from a trusted public certificate authority (CA). Although self-signed certificates should be used for the on-premises federation trust with the Microsoft Federation Gateway, self-signed certificates can't be used for Exchange services in a hybrid deployment. The Internet Information Services (IIS) instance on the Exchange servers configured in the hybrid deployment must have a valid digital certificate purchased from a trusted CA. Additionally, the EWS external URL and the Autodiscover endpoint specified in your public DNS must be listed in the Subject Alternative Name (SAN) of the certificate. The Exchange servers used for mail transport in the hybrid deployment must all use the same certificate (that is, one issued by the same CA with the same subject).
Learn more at Certificate requirements for hybrid deployments.
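A check of those certificate requirements, as an added example that is not from the original post. It assumes the Exchange Management Shell; `$AutodiscoverHost` and `$HybridServers` are placeholders for the public Autodiscover name and the servers the HCW will use.

```powershell
# Added example (not from the original post): verify that the IIS certificate on each hybrid
# server is publicly issued and covers the EWS external host and the public Autodiscover host,
# and that the transport (SMTP) servers all present the same certificate.
# Assumptions: Exchange Management Shell; placeholder values for the two variables below.
$AutodiscoverHost = 'autodiscover.contoso.com'
$HybridServers    = @('EX01', 'EX02')

# True if $name appears in the certificate's SAN list, exactly or via a single-label
# wildcard such as *.contoso.com.
function Test-NameCovered([string]$name, $domains) {
    $name = $name.ToLower()
    foreach ($d in $domains) {
        $d = "$d".ToLower()
        if ($d -eq $name) { return $true }
        if ($d.StartsWith('*.') -and ($name -like $d) -and
            ($name.Split('.').Count -eq $d.Split('.').Count)) { return $true }
    }
    return $false
}

$results = foreach ($srv in $HybridServers) {
    $ewsVd   = Get-WebServicesVirtualDirectory -Server $srv | Select-Object -First 1
    $ewsHost = if ($ewsVd.ExternalUrl) { $ewsVd.ExternalUrl.Host } else { $null }
    $certs   = Get-ExchangeCertificate -Server $srv
    $smtp    = $certs | Where-Object { $_.Services -match 'SMTP' -and -not $_.IsSelfSigned } | Select-Object -First 1

    foreach ($cert in ($certs | Where-Object { $_.Services -match 'IIS' })) {
        [pscustomobject]@{
            Server         = $srv
            Thumbprint     = $cert.Thumbprint
            Issuer         = $cert.Issuer
            SelfSigned     = $cert.IsSelfSigned                      # must be False
            CoversEws      = ([bool]$ewsHost -and (Test-NameCovered $ewsHost $cert.CertificateDomains))
            CoversAutodisc = (Test-NameCovered $AutodiscoverHost $cert.CertificateDomains)
            ExpiresUtc     = $cert.NotAfter.ToUniversalTime()
            SmtpThumbprint = $smtp.Thumbprint
        }
    }
}
$results | Format-Table -AutoSize

$results | Where-Object { $_.SelfSigned -or -not $_.CoversEws -or -not $_.CoversAutodisc } |
    ForEach-Object { Write-Warning "$($_.Server): IIS certificate $($_.Thumbprint) does not meet the hybrid requirements" }

# Every transport server must present the same certificate (same CA, same subject).
$smtpSet = $results | ForEach-Object { $_.SmtpThumbprint } | Where-Object { $_ } | Sort-Object -Unique
if (@($smtpSet).Count -gt 1) {
    Write-Warning "Transport servers present different SMTP certificates: $($smtpSet -join ', ')"
}
```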
EdgeSync: If you've deployed Edge Transport servers in your on-premises organization and want to configure the Edge Transport servers for hybrid secure mail transport, you must configure EdgeSync prior to using the Hybrid Configuration wizard. You also need to run EdgeSync each time you apply a new cumulative update or update rollup to an Edge Transport server.
Learn more at Edge Transport servers with hybrid deployments.